From ${URL} : Description A security issue has been discovered in pixz, which can be exploited by malicious, local users to disclose potentially sensitive information. The security issue is caused due to the application creating packed and unpacked files with umask-dependent permissions. This can be exploited to e.g. potentially disclose contents of created archives. The security issue is confirmed in version 1.0.2. Solution: No official solution is currently available. Provided and/or discovered by: Tomasz Czyz within a GitHub issue. Original Advisory: Tomasz Czyz: https://github.com/vasi/pixz/issues/15 @maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
This is fixed in 1.0.3 which is currently in the tree: https://github.com/vasi/pixz/commit/e5ba30f9c018db7c5919c21332a8d4ee827221bb @maintainer, latest upstream is 1.0.6 if you are interested in bumping this.